Abstract
A large number of emerging services expose their data using various Application Programming Interfaces (APIs). Consuming and fusing data from various providers is a challenging task, since a separate client implementation is usually required for each API. The Semantic Web provides a set of standards and mechanisms for unifying data representation on the Web, as well as means of uniform access via its query language – SPARQL. However, the lack of data protection mechanisms for the SPARQL query language and its HTTP-based data access protocol might be the main reason why it is not widely accepted as a data exchange and linking mechanism. This paper presents an authorization proxy that solves this problem using query interception and rewriting. For a given client, it returns only the permitted data for the requested query, defined via a flexible policy language that combines the RDF and SPARQL standards for policy definition.
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8. The query can be obtained from a request parameter or header, which is configurable in this system.
- 9. The explanation can be turned on/off, and the header name can also be changed using the proxy’s configuration.
- 10. Jena ARQ algebra transformer http://bit.ly/2rgvvLw.
- 11. Two quad patterns match if all of their elements match; a pair of elements matches when at least one of them is a variable, or when they are the same.
- 12. Here hq[i] denotes the i-th element of the policy’s p:head_quad.
- 13.
- 14. Listings 4.8 and 4.7 omit the quad’s graph element for simplicity.
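The matching rule from notes 11 and 12, written out as an added example; it is not code from the paper or from the proxy. The tuple layout, the `?` variable prefix, the policy names and the sample quads are constructed assumptions.

```python
# Added illustration: quad layout, "?" variable prefix, policy names and
# sample quads are constructed assumptions, not the paper's implementation.
from typing import Dict, List, Tuple

Quad = Tuple[str, str, str, str]  # (graph, subject, predicate, object)

def is_var(term: str) -> bool:
    return term.startswith("?")

def elements_match(a: str, b: str) -> bool:
    # Note 11: a pair matches if at least one side is a variable or both are equal.
    return is_var(a) or is_var(b) or a == b

def quads_match(q: Quad, hq: Quad) -> bool:
    # Note 11: every one of the four positions has to match.
    return all(elements_match(q[i], hq[i]) for i in range(4))

def head_bindings(q: Quad, hq: Quad) -> Dict[str, str]:
    # Note 12 indexing: pair each variable hq[i] with the query term q[i].
    return {hq[i]: q[i] for i in range(4) if is_var(hq[i])}

def covering_policies(query: List[Quad], heads: Dict[str, Quad]) -> Dict[Quad, List[str]]:
    # For every query quad pattern, list the policies whose head quad matches it.
    return {q: [name for name, hq in heads.items() if quads_match(q, hq)]
            for q in query}

# Constructed policy heads (hypothetical stand-ins for p:head_quad values).
HEADS: Dict[str, Quad] = {
    "public_names": ("?g", "?s", "foaf:name", "?o"),
    "hr_salaries": ("ex:hr", "?s", "ex:salary", "?o"),
}

# Constructed quad patterns, as they might be extracted from an intercepted query.
QUERY: List[Quad] = [
    ("?g", "?person", "foaf:name", "?name"),
    ("ex:hr", "?person", "ex:salary", "?amount"),
    ("ex:audit", "?person", "ex:salary", "?amount"),
    ("?g", "?person", "?p", "?v"),
]

if __name__ == "__main__":
    for quad, names in covering_policies(QUERY, HEADS).items():
        print(quad, "->", names or "no policy head matches")
```

The last sample pattern has a variable predicate, so under this rule it matches every policy head; the rule selects candidate policies and does not by itself narrow what a pattern may return.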
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Stojanov, R., Jovanovik, M. (2017). Authorization Proxy for SPARQL Endpoints. In: Trajanov, D., Bakeva, V. (eds) ICT Innovations 2017. ICT Innovations 2017. Communications in Computer and Information Science, vol 778. Springer, Cham. https://doi.org/10.1007/978-3-319-67597-8_20
DOI: https://doi.org/10.1007/978-3-319-67597-8_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67596-1
Online ISBN: 978-3-319-67597-8
eBook Packages: Computer Science (R0)